#! /bin/bash -
# auto setup l2tp on ubuntu
LC_ALL=C
# BEGIN Tool Functions
. $(dirname $0)/pffs
# END Tool Functions
setupl2tp_old(){
	ifYesDo "catIntoFile $'nospoof on' /etc/host.conf"; # nospoof.;
	ifYesDo "apt-get -y update"; # update.;
	ifYesDo "apt-get -y install openswan xl2tpd ppp"; # intall l2tp with default option.;
	ifYesDo "apt-get -y install lsof "; # intall l2tp.;
	ifYesDo "iptables --table nat --append POSTROUTING --jump MASQUERADE"; # create nat rule for iptables.;
	ifYesDo "echo 'net.ipv4.ip_forward = 1' |  tee -a /etc/sysctl.conf; echo 'net.ipv4.conf.all.accept_redirects = 0' |  tee -a /etc/sysctl.conf; echo 'net.ipv4.conf.all.send_redirects = 0' |  tee -a /etc/sysctl.conf; for vpn in /proc/sys/net/ipv4/conf/*; do 	echo 0 > \$vpn/accept_redirects; echo 0 > \$vpn/send_redirects;done; sysctl -p"; # enable kernel IP packet forwarding and disable ICP redirects.;
	ifYesDo "sedIntoFile 'for vpn in /proc/sys/net/ipv4/conf/*; do	echo 0 > $vpn/accept_redirects;	echo 0 > $vpn/send_redirects;done; iptables --table nat --append POSTROUTING --jump MASQUERADE' /etc/rc.local before 'exit 0'"; # To make sure this keeps working at boot you might want to add the following to /etc/rc.local.;
	ifYesDo "cat /etc/ipsec.d/examples/l2tp-psk.conf >> /etc/ipsec.conf; gatewayIP=$(ip route|grep default|awk '{ print $(3)}'); sedIntoFile '\	left='\${gatewayIP}'' /etc/ipsec.conf replace '\tleft=YourGatewayIP'; serverIP=$(ip addr|grep eth0$| awk '{ print $(2)}'|awk -F/ '{ print $1}'); echo \${gatewayIP};echo \${serverIP};sedIntoFile '\ \ \ \ \ \ \ \ left='\${serverIP}'' /etc/ipsec.conf replace '        left=YourServerIP'; sedIntoFile '\ \ \ \ \ \ \ \ leftnexthop='\${gatewayIP}'' /etc/ipsec.conf replace '        leftnexthop=YourGwIP'; catIntoFile \$''\${serverIP}' %any: PSK \"leerkan\"' /etc/ipsec.secrets;"; # configure the /etc/ipsec.conf.;
	ifYesDo "ipsec verify;"; # verify ipsec.;
	ifYesDo "catIntoFile $'[global]\n ipsec saref = yes\n\n[lns default]\n ip range = 172.16.1.30-172.16.1.100\n local ip = 172.16.1.1\n refuse pap = yes\n require authentication = yes\n ppp debug = yes\n pppoptfile = /etc/ppp/options.xl2tpd\n length bit = yes' /etc/xl2tpd/xl2tpd.conf;"; # configure /etc/xl2tpd/xl2tpd.conf.;
	ifYesDo "catIntoFile $'require-mschap-v2\n ms-dns 8.8.8.8\n ms-dns 8.8.4.4\n auth\n mtu 1200\n mru 1000\n crtscts\n hide-password\n modem\n name l2tpd\n proxyarp\n lcp-echo-interval 30\n lcp-echo-failure 4' /etc/ppp/options.xl2tpd;"; # configure /etc/ppp/options.xl2tpd.;
	ifYesDo "catIntoFile 'test	l2tpd	vpn4testonly			*' /etc/ppp/chap-secrets;"; # configure /etc/ppp/chap-secretes to add user.;
	ifYesDo "/etc/init.d/ipsec restart; /etc/init.d/xl2tpd restart;"; # configure /etc/ppp/chap-secretes to add user.;

	#####################################################.;
	## save the rules and set them to restore on reboot .;
	#ifYesDo "iptables-save > /etc/iptables-rules"; # save iptables rules.;
	#ifYesDo "catIntoFile $'#!/bin/sh\n iptables-restore < /etc/iptables-rules\nexit 0' /etc/network/if-pre-up.d/iptablesload; chmod +x /etc/network/if-pre-up.d/iptablesload;"; # create /etc/network/if-pre-up.d/iptablesload and make it excutable.;
}
setupl2tp_old_2(){
	local templateIpsecConfFileDir=${pffs_var_templateFolderName}"/l2tpd/ipsec.conf";
	local templateXl2tpdConfFileDir=${pffs_var_templateFolderName}"/l2tpd/xl2tpd.conf";
	ifYesDo "catIntoFile $'nospoof on' /etc/host.conf"; # nospoof.;
	ifYesDo "apt-get -y update"; # update.;
	ifYesDo "iptables --table nat --append POSTROUTING --jump MASQUERADE"; # create nat rule for iptables.;
	ifYesDo "apt-get -y install openswan xl2tpd ppp"; # intall l2tp with default option.;
	ifYesDo "cat ${templateIpsecConfFileDir} > /etc/ipsec.conf;"; # create ipsec.conf file
	ifYesDo "catIntoFile $'${templateIpsecConfFileDir}' /etc/ipsec.conf;"; # create ipsec.conf file
	ifYesDo "mustBeExist /etc/xl2tpd/; catIntoFile $'${templateIpsecConfFileDir}' /etc/xl2tpd/xl2tpd.conf;"; # create xl2tpd.conf file
	ifYesDo "echo 'net.ipv4.ip_forward = 1' |  tee -a /etc/sysctl.conf; echo 'net.ipv4.conf.all.accept_redirects = 0' |  tee -a /etc/sysctl.conf; echo 'net.ipv4.conf.all.send_redirects = 0' |  tee -a /etc/sysctl.conf; for vpn in /proc/sys/net/ipv4/conf/*; do 	echo 0 > \$vpn/accept_redirects; echo 0 > \$vpn/send_redirects;done; sysctl -p"; # enable kernel IP packet forwarding and disable ICP redirects.;
	ifYesDo "catIntoFile 'test	l2tpd	vpn4testonly			*' /etc/ppp/chap-secrets;"; # configure /etc/ppp/chap-secretes to add user.;
}

setupl2tp(){
	local templateIpsecConfFileDir=${pffs_var_templateFolderName}"/l2tpd/ipsec.conf";
	local templateIPSecVPNServiceFileDir=${pffs_var_templateFolderName}"/l2tpd/etc_init.d_ipsec.vpn";
	local templateXl2tpdConfFileDir=${pffs_var_templateFolderName}"/l2tpd/xl2tpd.conf";
	local templateOptionsXl2tpdFileDir=${pffs_var_templateFolderName}"/l2tpd/options.xl2tpd";
	local hostServerIPAddress=$(ifconfig |grep 255.255.255.0|awk '{print $(2)}'|awk -F: '{print $(2)}');
	local passwordForIPSec='passwordForIPSec';
	ifYesDo "catIntoFile $'nospoof on' /etc/host.conf"; # nospoof.;
	ifYesDo "apt-get -y update"; # update.;
	ifYesDo "iptables --table nat --append POSTROUTING --jump MASQUERADE"; # create nat rule for iptables.;
	ifYesDo "apt-get -y install openswan xl2tpd ppp"; # intall l2tp with default option.;
	# ifYesDo "cat ${templateIpsecConfFileDir} > /etc/ipsec.conf;"; # create ipsec.conf file
	ifYesDo "catIntoFile $'${templateIpsecConfFileDir}' /etc/ipsec.conf;"; # create ipsec.conf file
	ifYesDo "readNonBlankValue 'Please provide the IP address of this server(${hostServerIPAddress}):' hostServerIPAddress $'${hostServerIPAddress}'; readNonBlankValue 'Please provide the password for IPsec(${passwordForIPSec}):' passwordForIPSec $'${passwordForIPSec}'; setIntoFile '${hostServerIPAddress}   %any:   PSK  \"${passwordForIPSec}\";/etc/init.d/ipsec status; echo 'NOW start ipsec'; /etc/init.d/ipsec start;/etc/init.d/ipsec status;'";
	ifYesDo "ipsec verify;"
	ifYesDo "echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects; echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects;"
	ifYesDo "catIntoFile $'${templateIPSecVPNServiceFileDir}' /etc/init.d/ipsec.vpn; sudo chmod 755 /etc/init.d/ipsec.vpn; update-rc.d -f ipsec remove; update-rc.d ipsec.vpn defaults;";
	ifYesDo "echo 'setting l2tp'";
	ifYesDo "mustBeExist /etc/xl2tpd/; catIntoFile $'${templateXl2tpdConfFileDir}' /etc/xl2tpd/xl2tpd.conf; sedIntoFile 'local ip = ${hostServerIPAddress}' /etc/xl2tpd/xl2tpd.conf replace 'local ip = 10.152.2.1';";
	ifYesDo "sedIntoFile '* * exampleforchanllengestring' /etc/xl2tpd/l2tp-secrets after '# *	*	interop';";
	ifYesDo "catIntoFile $'${templateOptionsXl2tpdFileDir}' /etc/ppp/options.xl2tpd;";
	#ifYesDo "echo 'net.ipv4.ip_forward = 1'| tee -a /etc/sysctl.conf; sysctl -p;'";
	ifYesDo "sedIntoFile 'net.ipv4.ip_forward=1' /etc/sysctl.conf after '#net.ipv4.ip_forward=1' ; sysctl -p ;"; # enable net.ipv4.ip_forward.;
	ifYesDo "/etc/init.d/ipsec.vpn restart";
	ifYesDo "/etc/init.d/xl2tpd restart";


	ifYesDo "echo 'net.ipv4.ip_forward = 1' |  tee -a /etc/sysctl.conf; echo 'net.ipv4.conf.all.accept_redirects = 0' |  tee -a /etc/sysctl.conf; echo 'net.ipv4.conf.all.send_redirects = 0' |  tee -a /etc/sysctl.conf; for vpn in /proc/sys/net/ipv4/conf/*; do 	echo 0 > \$vpn/accept_redirects; echo 0 > \$vpn/send_redirects;done; sysctl -p"; # enable kernel IP packet forwarding and disable ICP redirects.;
	ifYesDo "catIntoFile 'test	l2tpd	vpn4testonly			*' /etc/ppp/chap-secrets;"; # configure /etc/ppp/chap-secretes to add user.;
}
setupl2tp;
